SECURITY AND COMPLIANCE
See what networking services are in your area
View our high-level approaches to solving business and technology challenges
Learn how peers in your area are working with CenturyLink
Hybrid IT and Cloud
Voice and Unified Communications
Managed and IT Services
Get support, access resources, and explore products and services at centurylink.com.
6 August 2018 | Matt Gutierrez, Senior Managing Director, Asia Pacific
While digital transformation enables business growth, it also opens doors to new threats. Here’s why risk management should be a core component of the digital transformation process, and how organizations can manage risks more effectively.
As enterprises ramp up their digital transformation efforts, tracking and securing data becomes a complex task as data may be located in various locations – such as on-premise, on the cloud, or even outside the organization. This poses a problem especially in highly-regulated industries such as the banking, financial services and insurance sector as financial services institutions (FSIs) are mandated to know where their data is stored and ensure that it is secure.
Having poor risk management is a costly move as the digital age is fraught with cyber threats. Case in point: The cost of cybercrime in Asia Pacific today is estimated to reach up to US$575 billion a year, with FSIs being a key target as they are delivering more services online. The Cyber Security Agency of Singapore (CSA) also revealed that there were 23,420 phishing URLs with a Singapore link last year, which is nearly a tenfold increase from 2,512 in 2016.
Moreover, not complying with regulations will result in hefty fines. Just last year, a Hong Kong branch of a private bank was fined US$900,000 for failing to comply with anti-money laundering rules. This is a cause for concern as regulators are introducing more regulations in an effort to minimize risks associated with adopting digital technologies such as cloud. The Monetary Authority of Singapore (MAS), for example, has introduced a section on cloud computing services in its updated outsourcing guidelines for financial institutions. Under the guidelines, financial institutions are reminded to ensure that their service provider has robust access controls to protect customer information, and such access controls should survive the tenure of the contract of the cloud services.
Additionally, the Association of Banks in Singapore (ABS) encourages FSIs to use OSPAR-certified service providers when outsourcing critical systems and systems handling customer’s personal information. This is because OSPAR (Outsourced Service Provider Audit Report) ensures that outsourced service providers maintain the same level of governance, rigor and consistency as the financial institutions in Singapore.
For organizations that plan to expand their footprint into Europe or have European customers, they will need to ensure that they comply to international regulations like the EU General Data Protection Regulation (GDPR). Enterprises that fail to protect the data of their European customers or fail to provide customer the option to delete their data when requested will face a fine of up to €4 million (US$4.7 million) per case, or 4 percent of their global revenue, whichever is higher.
Despite some of the risks digital transformation brings, enterprises cannot afford to shun them as they need to improve operational efficiency, increase business agility, and enhance customer experience. In the case of banks in Asia Pacific, 80 percent of them plan to run on a hybrid cloud architecture this year to become digital banks. Some banks, such as Standard Chartered in Hong Kong, have taken this a step further by planning to eliminate physical branches and only offer online banking services by leveraging digital technologies. To successfully realize such goals while minimizing risks, enterprises will need to include securing customer data and adherence to regulatory obligations as part of their digital transformation goals.
Since regulations can only help reduce risk if organizations have the necessary skills to comply with them, enterprises are on the constant hunt for cybersecurity professionals, big data and analytics experts, data scientists, and data warehousing experts. However, finding IT talents will become more challenging in future as Asia Pacific is expected to face a shortage of 47 million workers by 2030. One way of overcoming this issue is by turning to a managed services provider (MSP).
Here are four questions enterprises should ask before selecting the right MSP to partner:
The MSP should have adequate controls, in terms of risk assessment, information and communication, information security policies, and sub-contracting – just to name a few.
From physical security to incident management and system vulnerability assessments, the vendor must be able to perform these tasks adequately.
The outsourced partner must act in accordance with contracting procedures, maintain adequate records when it comes to handling data, and perform constant service reporting and monitoring.
The above requirements will be taken care of if a vendor is certified in OSPAR and other relevant regulations.
On top of managed services, organizations can also look to enhance their own risk management capabilities with the power of automation. They can do so by prioritizing assets and segmenting them according to risk, before applying the appropriate controls and safeguards to each segment.
Artificial intelligence (AI) can also help enterprises better manage risks despite the IT talent crunch. AI-powered robotic process automation (RPA), for instance, can help automate repetitive manual tasks such as regulatory reporting. AI can also provide automated decision support and data filtering to improve an organization’s ability to detect, predict, and prevent risk. With AI automatically scanning for new risks, raising alerts and performing automated triage, risk analysts can spend the time they used to take to sort and manipulate data on higher value tasks such as assessing more complex risks.
As organizations continue to scale or transform their business, they will need to keep pace with escalating security and compliance demands as they adopt new technologies. To do so effectively, businesses should bolster their risk management capabilities and ensure that risk management supports their organization’s strategic plans instead of hindering them.
Keen to get more tips on how to minimize your risk while digitally transforming?
Harness the full potential of digital transformation. Follow CenturyLink Asia Pacific on LinkedIn or visit us.
Explore Our Blogs
The future of SD-WAN is here — learn how enterprises can harness its full potential to meet demands in performance, cost, and scalability.
Find out why digital businesses need to establish a comprehensive risk management program, starting from the network edge to the core.
Although there is a lot of noise about totally replacing MPLS with business internet services, Ovum sees few examples of that happening on a large scale. The rumors of MPLS's death have been greatly exaggerated, and it still seems to have some life left.